Security Incidents mailing list archives
Re: @home: Is *anyone* really home there???
From: wozz+incidents () WOOKIE NET (Wozz)
Date: Mon, 28 Feb 2000 17:25:33 -0700
On Mon, Feb 28, 2000 at 11:32:39AM -0500, Greg A. Woods wrote:
[ On Friday, February 25, 2000 at 18:41:39 (-0700), Wozz wrote: ]Subject: Re: @home: Is *anyone* really home there??? I'm the head of the security department for a large nationwide cable modem provider that is in the exact same situation @home is. We get hundreds and hundreds of complaints a day, often times about how someone's "hacking" them, when in fact, someone misdirected a web browser in their direction.I've had words with the Jammer support folks to try and convince them that (a) this kind of event is not necessarily a "scan" of any type and it is most definitely not a "TCP port scan" when seen on its own, and (b) it's just as likely that the source address is forged, (c) to use a better choice of words and to avoid "hack" and "attack" and their derivatives, and finally (d) to include the IP number of the client at the time of the incident. Unfortunately I don't think I've had any success at convincing them to change anything at all.
Jammer is the worst offender. Its gotten to the point where I'm ready to start ignoring Jammer reports, since i think i've had 1 out of maybe 2000 reports from Jammer state anything useful. I've also talked to them abotu this "port scan" message and never got a response.
BTW everyone, I really really really detest the misuse of the words "attack" and "hacker" in any of these situations. Wozz put the word in quotes which is correct, but the Jammer folks don't and the Jammer subject line nearly drives me up the wall even before I read the messages! (Yes I manage my own stress level so as to avoid popping any important blood vessels over this! ;-)
The overuse of these home "firewall" solutions is making overall security worse, IMHO. I spend a majority of my time at work filtering through stuff like this, and not spending time working on things that would actually improve security. Thankfully, I've just recently gotten approval to hire someone to just sit there and sift through all this junk for me.
Current thread:
- Re: @home: Is *anyone* really home there??? Maniac . (Feb 23)
- Re: @home: Is *anyone* really home there??? The Undernet Bonk (Feb 24)
- Received message from Russian hackers David Meissner (Feb 25)
- <Possible follow-ups>
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Jeffrey Papen (Feb 24)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? David Kennedy CISSP (Feb 28)
- TIS and fingerprinting Dino Amato (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 28)
- Re: @home: Is *anyone* really home there??? Wozz (Feb 25)
- ssh wierdness spiff (Feb 26)
- Re: ssh wierdness Markus Friedl (Feb 28)
